Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

NewYorkCountryLawyer writes "Jammie Thomas, the defendant in Duluth, Minnesota, RIAA case Capitol Records v. Thomas, has served her expert witness's report. The 30-page document (PDF), prepared by Prof. Yongdae Kim of the Computer Science Department of the University of Minnesota, attacks the reports and testimony of Prof. Doug Jacobson, the RIAA's expert, and the work of the RIAA's investigator, Safenet (formerly known as MediaSentry). Among other things, Dr. Kim termed MediaSentry's methods 'highly suspect,' debunked Dr. Jacobson's 'the internet is like a post office' analogy, explained in detail how FastTrack works, explored a sampling of the types of attacks to which the defendant's computer may have been subjected, accused Jacobson of making 'numerous misstatements,' and concluded that 'there is not one but numerous possible explanations for the evidence presented during this trial. Throughout the report I demonstrate possibilities not considered by the plaintiff's expert witness in his evaluation of the evidence...' Additionally, he concluded, 'MediaSentry has a strong record of mistakes when claiming that particular IP addresses were the origins of copyright infringement. Their lack of transparency, lack of external review, and evidence of inadequate error checking procedures [put] into question the authenticity and validity of the log files and screenshots they produced.'"

The use of screen shots (and indeed printouts) from computers in legal trials in the UK in the 1990s resulted in a body of case law in which it was pointed out that anyone can make a computer show anything you like, that doesn't mean the data is valid.

(This case law was frequently as a result of a popular defense tactic against the Poll Tax. Just because a printout says X owes Y amount doesn't mean that this is true. You can't cross-examine a computer.)

It would be good if this argument made its way into the US legal system, but for all the flak that UK judges get for ignorance, I suspect they are smarter when it comes to technology.

No, you're parsing the GP's sentence incorrectly. The GP is not claiming that the individuals comprising the EU each have more knowledge about tech than the individuals comprising the US, but that the EU as a totality has more knowledge. In other words:

I'll never understand how people can base a legal argument around a text file.

Unless you have an officer of the court present during the writing of the router code, the server code, the logging module code, storage of the logs, retrieval of the logs, and on and on and on... it's all absolute bullshit. Strike that 'unless', it should be 'even if'. There's not a person here (he said, as if it was 1998) who couldn't fake this shit given physical access and a week to study.

Yeah use the Slashdot defense. Bring a 7 year old into the court and have them edit the text file and/or modify the screenshot in about a minute. Remember that the RIAA and MediaSentry are heavily biased parties. They have a long range of abuses of the legal system abuses and lets not forget their attack dog (MediaSentry) is not even a licensed investigator either.

I've prepared a few expert reports in my time, but IANAL, however, as satisfying/intimidating these reports may be, most of the time they'll be downplayed or ignored by the other side. In court, if you ignore it, unless the judge is on the other side, it DOES go away.

I'm waiting for the expert testimony, because anybody can type up 30 pages that equate to "Nuh-uh!" but judges sit up and take notice when someone sits in the witness chair and says "Nuh-uh!"

Essentially, what I'm saying is that while the slashdot community will rally around this news item, the legal community won't take notice until there's a precident.

Yeah, digital evidence can be such a bitch, especially when you gather it remotely. You have no idea if the client (remote end) is telling the truth or not, let alone if it was tampered in transit or not, and even if none of that is true, there's still no way to link what a computer does definitively to what a person designated as the primary user of that system, simply because that system could have been previously compromised via a litany of vectors. In short, why this ever got this far is beyond me... The standards of evidence have slipped quite a bit. These days, you yell "computer!" in a crowded court room and bring in an "expert" in a suit, and the judge and jury will believe just about anything. IP addresses and hashes as "digital fingerprints"? a smack of MP3s on a hard-drive is "evidence"? If I rip a CD I legally purchased, encode it into MP3, and then the CD is damaged and thrown away, or stolen, does that make my digital copy illegal? Apparently. things that are perfectly legal to do to their physical counterparts become illegal to do when a computer becomes involved, simply because someone yelled "computer!" in a crowded court room.

I say we prosecute anyone who shouts "computer!" in a crowded court room for the mere cause of starting a panic. If we play our cards right, their actions will be exempt from First Amendment protections.

They may have overturned the original ruling, but the analogy still holds: it still would be illegal to falsely shout "Fire!" in a crowded theater, as it would incite a dangerous stampede of theatergoers.

In short, why this ever got this far is beyond me... The standards of evidence have slipped quite a bit.

I'm not fan of the tactics of the RIAA, but posts like yours drive me insane. Why do computer geeks seemingly have so much trouble with the concept of "guilty beyond a *reasonable* doubt?" The quote is NOT "guilty beyond all doubt".

Yes, it's theoretically possible that someone broke in and used your computer to download MP3s. However, that's not reasonable.

I'm not fan of the tactics of the RIAA, but posts like yours drive me insane. Why do computer geeks seemingly have so much trouble with the concept of "guilty beyond a *reasonable* doubt?" The quote is NOT "guilty beyond all doubt".

Cases based largely if not entirely on circumstantial evidence (which is what data remotely gathered is), do not rise to "beyond a reasonable doubt". I'd go as far as to say -- why the hell does this get before a judge and not get thrown out? Because the judge doesn't understand that all the crap that RIAA puts in front of him/her is circumstantial. And then they sign a bunch of warrants and set everything in motion -- which thanks to recent supreme court rulings, can be admissible even if the original reasons were complete bunk. So in short, RIAA is playing on the technical ignorance of judges to advance these cases, hoping that their circumstantial evidence leads to admissible evidence at trial.

And THAT is the abuse of the system, and posts like yours "drive me insane" because posters like you fail to see the larger issue because you're hyper-focused on the little tiny things like whether a certain word was stressed or not.

Cases based largely if not entirely on circumstantial evidence (which is what data remotely gathered is), do not rise to "beyond a reasonable doubt".

The trick that is killing everyone though is that "beyond a reasonable doubt" is only the bar for criminal cases. In civil suits like those the RIAA is pursuing the burden of evidence is much, much lower. When people go into the court thinking it'll be a cake walk because they can plead reasonable doubt they get burnt when reasonable suspicion is sufficient to

Also, the RIAA, as far as I know, doesn't have to meet the "reasonable doubt" standard, but the "preponderance of evidence" standard, which basically means that they have to prove that their story is more likely than the other side's.

I think that if they had to meet the "guilty beyond reasonable doubt" test, they would fail. It is certainly reasonable that a third party infected her computer and used it for their purposes, if her computer was a bot- and virus-infested nightmare, as I suspect it was.

The real risk for MediaSentry here is that their methods don't seem to have any rigour at all, and may not actually qualify as evidence at all. I'm more interested in the lack of time stamps, investigator's licenses, or protocols for preservation of evidence than in the possible attack vectors available to a third party.

If the MediaSentry evidence is all they have, and it gets thrown out because of Dr. Kim's expert testimony, the RIAA won't have anything left.

Both your examples are unlikely. And, I'll note, not listed in Dr. Kim's report. (You did read the report, right?)

In this case, the RIAA expert didn't even admit the possibility of likely things.

For example, until I locked it down, neighbors on both sides of my place were stealing bandwidth off the wireless router where I rent. If they were downloading music, we'd be the ones hit, because it would be our router that would be showing up in ISP records / on Kazaa. (A similar example appeared in Dr. Kim's report. You did read the report, right?)

The RIAA "expert" seemed to think that because the (non-timestamped) traceroute went to Thomas's computer, that it -always- went there. This isn't automatically the case. IP/MAC spoofing or other attacks (as appeared in Dr. Kim's report. You did read the report, right?) can easily obfuscate the issue.

The RIAA's expert also said that the presence of MP3s showed that Thomas downloaded them from the internet, again, ignoring the extremely likely possibility that Thomas ripped them from CD (which, I will note is both extremely easy, and mentioned in Dr. Kim's report. You did read the report, right?).

The problem with the RIAA expert is that he neglected to list other possibilities. Would he have needed to list the extremely unlikely ones? No.

But he did need to address likely alternative explanations. And when you add his extremely bad analogies, and apparent lack of understanding of NAT (to be 'fair', he could actually understand NAT, but ignored it because it would weaken his report, but that's being a bad expert), his report deserved to be torn apart by Dr. Kim. (You did read the report, right?)

In this case, the RIAA expert didn't even admit the possibility of likely things.
For example, until I locked it down, neighbors on both sides of my place were stealing bandwidth off the wireless router where I rent. If they were downloading music, we'd be the ones hit, because it would be our router that would be showing up in ISP records / on Kazaa. (A similar example appeared in Dr. Kim's report. You did read the report, right?)
The RIAA "expert" seemed to think that because the (non-timestamped) traceroute went to Thomas's computer, that it -always- went there. This isn't automatically the case. IP/MAC spoofing or other attacks (as appeared in Dr. Kim's report. You did read the report, right?) can easily obfuscate the issue.
The RIAA's expert also said that the presence of MP3s showed that Thomas downloaded them from the internet, again, ignoring the extremely likely possibility that Thomas ripped them from CD (which, I will note is both extremely easy, and mentioned in Dr. Kim's report. You did read the report, right?).
The problem with the RIAA expert is that he neglected to list other possibilities. Would he have needed to list the extremely unlikely ones? No.
But he did need to address likely alternative explanations. And when you add his extremely bad analogies, and apparent lack of understanding of NAT (to be 'fair', he could actually understand NAT, but ignored it because it would weaken his report, but that's being a bad expert), his report deserved to be torn apart by Dr. Kim. (You did read the report, right?)

Good post. When I deposed Dr. Jacobson [blogspot.com] in the UMG v. Lindor case, he admitted that he had never considered any alternative explanations.

Dr Jacobson is not stupid, I've met the man. I graduated with a degree in computer science from Iowa State University in December. I haven't taken a class from him, but again the man is not stupid.
He's malicious.
He's being paid.
In fact I bet he even knows his testimony is full of shit.
Again, he's being paid.

More than being paid, he has a major financial interest in the "Audible Magic" software which the RIAA is peddling for him. They go to LAN operators and say "Pay us $76,000 [blogspot.com] and the letters will stop".

Would a "reasonable man" conclude that those interests are in conflict? If the answer is yes (and it probably is) then why was Dr Jacobson not eliminated as an expert witness straight away by a defense attorney raising an objection in court and mentioning this conflict? Perhaps I am missing something here, but I am sure that NYCL can explain.

Would a "reasonable man" conclude that those interests are in conflict? If the answer is yes (and it probably is) then why was Dr Jacobson not eliminated as an expert witness straight away by a defense attorney raising an objection in court and mentioning this conflict? Perhaps I am missing something here, but I am sure that NYCL can explain.

I don't know why the defendant's lawyer did not object to the RIAA expert. He is a veteran trial lawyer; he must have had his reasons.

I can tell you this:

Jacobson's financial conflicts of interest would not have been grounds for excluding his testimony, it would merely have gone to his credibility;

there were good grounds for excluding his testimony, namely that the record companies had failed to lay a proper foundation for the admissibility of his expert testimony under the Federal Rules of Evidence a

Bear in mind that MediaSentry has accused a laser printer of sharing music files. Not just alleged, stated that they had proof positive of that laser printer serving up MP3s via a P2P network. That alone suggests to me that their "evidence" is shaky at best.

The concept of a laser printer serving up MP3s isn't that far fetched. It could have an internal drive. Most high volume printers either have huge amounts of RAM (huge being in the low multi-gigabyte range) or internal drives. That space is used to cache large print jobs. Now granted, a couple of gigs isn't much in the grand scheme of things, but at about 10MB per MP3 file, you could easily fit a couple albums on your average high capacity network printer and still have some room left over.

Oh, it could certainly store the files. But how's it going to run the P2P software to share them out? These things aren't desktop PCs where you can install any software you want on them, they're embedded systems running out of on-board firmware that can't be updated except by a factory tech (because if the customer could update it they could unlock features they aren't paying for, and we can't have that now can we). Smaller printers like LaserJets are more amenable to being hacked, but they lack the storage

I find this all very interesting from a kind of "we're living through history" perspective. What we've been witnessing over the past few years is almost the complete devaluation of the record company's main 3 products, 'recording', 'promotion' and 'distribution'.

Artists needed record companies to make them nice recordings and to promote them (advertising and getting their records out). The record companies made most of their money off of record sales. The artists made most of their money off of concerts and appearances. With recording equipment fairly inexpensive in comparison to the recent past, and free or nearly free software that can professionally mix, recording now comes at a very low cost. The only real advantages of a studio now are the sound-proof room and the technician that knows what they're doing. If a musician spends the time to learn and experiment with acoustics, the trained technician becomes less valuable, and all you need is some equipment and a nice room.

It's obvious to anyone reading Slashdot that promotion and distribution can be handled through the Internet now for extremely little money.

It's amazing to think how these 3 things which were so valuable for such a long time became cheap so suddenly. The argument that file sharing is anti-capitalist is completely incorrect. It's capitalism at work. It's just that the value of the job that record companies do is no where near the value it had even a decade ago. Ironically, pretending it's still the same is anti-capitalism.

How could a legitimate expert in the field make the errors and omissions Prof. Doug Jacobson did in his testimony? It appears from what has been said that either Jacobson's academic credentials or his honesty are suspect. These omissions are not minor, nor are they so esoteric that a so-called "expert witness" could be forgiven for being unaware of them.

What would be interesting, and possibly helpful, would be a screenshot showing that someone with the IP address of a SafeNet office (or an RIAA lawyer's law office) has a lot of files on their computer with filenames suggesting kiddy porn or something to that effect. Introducing that faked screenshot as evidence would be interesting, since any testimony supporting the validity of the Safenet screenshots may support a felony case against Safenet (or the RIAA lawyer).

I don't have the skills/time to find the appropriate IP addresses, ascertain operating systems and such, and then fake the believable screen shot. I don't know that it would be legal, either, so please don't take this as a suggestion. It would be interesting in court, though.

It wouldn't be legal. It'd be outright criminal. If you want to demonstrate that you can fake information on a screenshot, go ahead and do it, but do not implicate anybody else for anything, particularly a heinous crime.

I figure that if the idea is to prove that you can fake a screenshot, a screenshot that implicates those that are trying to disprove that fact with a heinous crime will bring them around to the realization that a screenshot can be faked, provided that the evidence is entered as proof that yo

Artists deserve to make money on their work. We dislike the RIAA because they use questionable tactics and have a history of going after individual, largely non-technical defendants and suing them into the stone age.

And no, downloading music without paying for it is not STEALING. It's copyright infringement.

We don't want something for nothing. We want the right to purchase digital music ONCE with the ability to transform that single digital copy into any media or format we choose... and purely for personal use.

I've purchased several thousand dollars worth of music over the past 35 years, and I think I'm justified in making a few MP3 copies of the various music CD's I've legally purchased and the older LP's that I've legally taped, then legally converted to digital media.

Piracy has always been here, so expecting it to ever disappear is just dumb. Let us not forget that the iTunes Music Store brought music sales back up. Have sales started going back down since they went DRM free?

You're assuming that everyone pirating, or even just a significant percentage of them, would have purchased the music otherwise. Do you actually expect a business model built around selling physical media in an age where the media can be reproduced by anyone at virtually no cost or effort?

They can have $.99 when I can download a non-lossy format free from DRM in an open format that I am allowed to use how I see fit. As long as it is fair and I do not re-distribute. That is what I had with CD's. This is what I want with online purchases. Also, while I am on the topic of online, when I can download the song and save it without having to use their software program to "manage" it then they can have my money. If I wanted bloatware slowing down my computer then I would install Windows*. Than

They can have $.99 when I can download a non-lossy format free from DRM in an open format that I am allowed to use how I see fit. As long as it is fair and I do not re-distribute. That is what I had with CD's.

Then why are you pirating, and not buying CD's? Seriously, if you want to pay for your content, and you want it to have all those qualities, why aren't you buying a CD?

Again, I'm not against piracy; I'm against your rationalizations. Your misrepresentation of the thoughts of the average pirate do as much damage to the cause of copyright reform as the misrepresentations of the RIAA.

Unless we are all honest about the causes and results of piracy, we'll never be able to have an honest debate about copyright.

Please tell me where I can order a CD with just the songs I want on it?

Oh right, you need to buy the whole package.

If you pay $20 for a CD with 10 songs, but you only listen to 5 of them, you're effectively paying $4 per song; rather than the $2 per song nominal price. So you're just making the argument that people pirate because music is too expensive. How does that square with the "piracy does not equal lost sales" argument? You can't have it both ways.

Amazon allows you to download straight unprotected MP3s. There's no specific program from them that you HAVE to use to manage the resulting downloads although they do have one that will automatically place them in artist folders and register them with iTunes if you want to use it. I agree it would be nice to have the files lossless but I'd simply rip them anyway:-)

"lossy" when referring to an audio recording doesn't refer to the fact that the media itself will not degrade, it refers to the fact that the waveform as stored/reproduced does not perfectly record the waveform as originally played. As such, every playback medium that's come out since 8-track tapes has been "lossy", because to some extent they've all been digital representations of the waveform rather than the actual wavefrom. You are literally losing some of the information in the waveform because you have

But seriously, it will take time. The piracy market will always exist, and that's just the way it is. But it probably would have been much smaller if DRM-free downloads had beaten Napster out the door. Hell, even DRM-laden downloads probably would have worked. But it's been nearly 10 years now of free music, and up til now it's been better than pay-for options. So it will take some time to get people to gravitate toward legals options.

Only to a select few. With the frequently-run Amazon MP3 specials putting ten or more tracks out there for $2-4, I find myself buying a decent amount of music recently. It takes two minutes to download (ignoring the time spent to FIND a good torrent, they're still almost always much slower), has all the metadata and cover art done correctly (torrents VERY rarely can say the same), and there's no question to the legality. I've bought from iTunes once, and have avoided it entirely since having been burned

And neither would the production of music by the artists be worth the effort.

Excuse me, but your assuming that most artists have ever received a monetary return that would financially make creating & performing music "worth it". Here's a clue from a musician of 30-plus years; most musicians, even very talented and creative musicians, don't make anywhere near what it costs them to create and perform their music in just about any measure you'd care to use.

We real musicians don't play and write for money...we do it because the music is inside us and burning a hole in our souls to get out. Between instrument and equipment costs, travel costs, etc etc, we rarely ever break even and even more rarely do we ever actually get ahead financially. This is why the majority of musicians have day jobs. Even many artists signed to a label seldom come out ahead because of "Hollywood accounting".

Read this piece by Steve Albini on what a typical artist/band goes through even in the rare case they're even offered the chance to sign with a major label.

That's a pretty good point, possibly because everyone who would use itunes is already doing it? I've been scared off by their crappy interface before, and the way they charged *more* for not having DRM in the past, i just assumed that they had jacked up their prices across the board without really thinking about it. Probably should curb my piracy and give it another shot.

Some people pirate music they already own just because it`s faster (downloading 60mb? not even a minute) than the hassle of putting the cd in the tray, clicking convert, and picking it out. And the filenames are already typed in a convenient way.

Did you infringe someones copyright ? It would be hard to say so on this, since you made a copy for yourself of something you had the right to make a copy for yourself..

Some people pirate music they already own just because it`s faster (downloading 60mb? not even a minute) than the hassle of putting the cd in the tray, clicking convert, and picking it out.

Unless you can show that a non-negligible percentage of file-sharing is done for this reason, you haven't added anything to the discussion. Of course there are plenty of legitimate (as I believe this is) reasons to file-share. But the vast majority of the infringing traffic is generated by people who just want music for free.

I don't think I've ever seen a music torrent complete in less time than it would take me to rip a CD and grab the track listing from CDDB. Maybe usenet is faster; I wouldn't know. Regardless, there are probably about ten people alive who have "pirated" music simply to avoid ripping it from a CD they already own.

I dunno' but ever since I discovered that Amazon had DRM free MP3 at decent bitrates for reasonable prices I've been buying new music for the first time in about 8 years. Previously I would usually buy a used CD and rip it or borrow a friends - occasionally I'd download from someplace although honestly my tastes in music haven't found me wanting much of the new stuff. Now that I can cherry pick what I actually DO like from Amazon and often pay less than a buck while being able to easily put it on or play it

CD's are platform-locked; you have to have a CD player. Generic mp3's are platform-locked; you have to have a computer or dedicated mp3 player. Records are platform-locked; you have to have a turntable.

I own a Sony CD transport. I also own two Pioneer DVD-RWs which are good at reading red book CDs. My fiancee owns a portable CD player made by some yumcha brand or other, and we both have CD players (manufactured by different manufacturers) in our automobiles. If the fancy took me, I could trivially, using the technology on hand, assemble SOME device which could play red book PCM audio. Even if Sony and Philips both went bankrupt tomorrow.

Add to that... I dislike the RIAA because I don't believe they represent the Artists as much they they'd like us to think. Their members are most notably Sony, EMI, Warner and Universal, not the drummer who started distributing with a CD burner. If anything, those little guys want nothing to do with the RIAA. Smart people.

Ok here is where I have an argument. The conceptual difference between "copyright infringement" and "stealing" is null. So why the obfuscation and insistence that what you are doing is not stealing. Illegal enrichment is illegal enrichment.

Fraud is not theft. Murder is not theft. Rape is not theft. Most things that are illegal are not theft. Calling copyright infringement "theft" is just stupid.

There is also the principle that the law makers know what they are talking about and that when a law says what it says that is intentional. The US law says that theft is taking something away illegally from the rightful owner to deprive him of his property (thus a policeman taking a cigarette lighter away from the rightful owner who wants to light a cigarette at a petrol station with spilled fuel is not committing theft). When the law says "to deprive the rightful owner", they mean it. If the rightful owner is not deprived of anything, it is not theft in US law. For comparison, German law says it is theft to "take something away illegally from the rightful owner to enrich yourself". Immaterial items are excluded for other reasons, but the argument that the owner is not deprived of anything would not count in German law.

You Poor fuckers need to get out of your parents basement and get a job you freeloading fucktaints.

Not a good thing to say at the start of a depression, friend. people [wikipedia.org] have been guillotined for less.

Firstly, the RIAA has not "given" any funds back to the "artists" it represents, they're just a high profile organization that tries to scare people away from copying music - legally or otherwise. Secondly - their outrageous claims about "lost profits" and "starving artists" are patently false. It's like the US complaining about the lost tax revenue it has to bear every year by NOT conquering the world. It makes no sense. However no doubt the same accountants and mathematicians representing the RIAA also worked in the financial industry up until recently.

Frankly, I think that digital distribution of media - especially music and film, is the way to go. It's much more environmentally friendly and economically efficient - after all, if "pirates" can do it for FREE then surely the COST can't be all that great. There may be a slight problem with expecting people to pay $15 for a CD or $1 for a song, however. But look on the bright side, if artists earn less perhaps that will force the price of their cocaine down due to demand destruction?